From f7252519beabb35fb2412992a971f20e0d4048a9 Mon Sep 17 00:00:00 2001
From: Patrick Spek
Date: Fri, 14 Aug 2020 11:28:17 +0200
Subject: Update crt utils
---
.local/bin/crt-fetch | 50 ++++++++++++++++++++++++++++++++++++++
.local/bin/crt-fp | 68 ++++++++++++++++++++++++++++++----------------------
2 files changed, 90 insertions(+), 28 deletions(-)
create mode 100755 .local/bin/crt-fetch
(limited to '.local')
diff --git a/.local/bin/crt-fetch b/.local/bin/crt-fetch
new file mode 100755
index 0000000..670669f
--- /dev/null
+++ b/.local/bin/crt-fetch
@@ -0,0 +1,50 @@
+#!/bin/sh
+
+# This program is free software: you can redistribute it and/or modify it under
+# the terms of the GNU Affero General Public License as published by the Free
+# Software Foundation, either version 3 of the License, or (at your option) any
+# later version.
+#
+# This program is distributed in the hope that it will be useful, but WITHOUT
+# ANY WARRANTY; without even the implied warranty of MERCHANTABILITY or FITNESS
+# FOR A PARTICULAR PURPOSE. See the GNU Affero General Public License for more
+# details.
+
+main()
+{
+ # Handle opts
+ while getopts ":h" opt
+ do
+ case "$opt" in
+ h) usage && exit 0 ;;
+ *)
+ printf "Invalid option passed: %s\n" "$OPTARG" >&2
+ ;;
+ esac
+ done
+
+ shift $(( OPTIND - 1 ))
+
+ # Show help
+ [ -z "$1" ] && usage && exit 1
+
+ # Perform the request to fetch the certificate, and print it on STDOUT
+ printf "%s" "" \
+ | openssl s_client -connect "$1:${2:-443}" 2> /dev/null \
+ | sed -ne '/-BEGIN CERTIFICATE-/,/-END CERTIFICATE-/p'
+}
+
+usage()
+{
+ cat <&2
+ ;;
+ esac
+ done
+
+ shift $(( OPTIND - 1 ))
- # Show help
- [ "$OPT_HELP_ONLY" ] && usage && exit 0
- [ -z "$1" ] && usage && exit 1
+ # Set algs to show by default
+ [ -z "$DO_ALGS" ] && DO_ALGS="$ALGS"
+
+ # Use STDIN as cert if no arguments are given
+ if [ -z "$*" ] || [ "$1" = "-" ]
+ then
+ no_args=1
+ set -- "$(mktemp)"
+ cat > "$1"
+ fi
# Generate fingerprint info for all certificates in question
for crt in "$@"
do
- printf "%s: \n" "$crt"
- for alg in md5 sha1 sha256
+ # Skip this certificate if it does not exist
+ if [ ! -f "$crt" ]
+ then
+ printf "No such file or directory: %s\n" "$crt" >&2
+ continue
+ fi
+
+ # Skip the filename if only a single file is being checked
+ [ "$#" -gt 1 ] && printf "%s: \n" "$crt"
+
+ # Show fingerprints for files
+ for alg in $DO_ALGS
do
- printf " %-8s %s\n" "$alg" "$(fingerprint "$alg" "$crt")"
+ [ "$#" -gt 1 ] && printf "%s" "\t"
+ printf "%-6s %s\n" "$alg" "$(fingerprint "$alg" "$crt")"
done
done
}
fingerprint()
{
- openssl x509 -noout -fingerprint "-$1" -inform pem -in "$2" \
- | awk -F= '{ print $NF }'
-}
-
-opts()
-{
- OPTS=0
-
- while getopts ":h" opt
- do
- case "$opt" in
- h) OPT_HELP_ONLY=1 ;;
- *)
- printf "Invalid option passed: %s\n" "$OPTARG" >&2
- ;;
- esac
- done
-
- unset opt
+ openssl x509 -noout -fingerprint "-$1" -inform pem -in "$2" | awk -F= '{ print $NF }'
}
usage()
--
cgit v1.1